Hikvision opens Source Code Transparency Center in California

March 13, 2018
Company looks to reassure government agencies that its products are cyber secure with opening of new facility

As part of an effort to demonstrate its commitment to product security, video surveillance solutions manufacturer Hikvision last week opened a new Source Code Transparency Center (SCTC) at its North American headquarters in California. The goal of the facility is to provide an opportunity for government agencies in both the United States and Canada to review the source code of a number of IP cameras, NVRs and other products sold by the company.

According to Chuck Davis, Director of Cybersecurity for Hikvision North America, the opening of the center is part of a campaign by the company to make significant improvements to its cyber program in North America. “We are continuing to update our internal cybersecurity program and look for new ways to engage and to offer educational resources to our partners on this topic,” Davis says. “Since I was hired by Hikvision six months ago, we have completed penetration testing with Rapid7, opened a cybersecurity hotline, completed a Canadian cybersecurity road show tour, hired additional staff for our cybersecurity team, scheduled a 2018 cybersecurity road show, and now we are opening the SCTC.”

Although mitigating cybersecurity threats remains an industry-wide issue, specific vulnerabilities affecting Hikvision products have caught the eyes of the media and lawmakers as of late; in fact, the company was mentioned by name during a hearing held in January by the U.S. House Committee on Small Business that focused on combatting foreign cyber threats. Specifically, Rep. Steve Chabot citied two separate instances in 2014 in which technology researchers discovered bitcoin mining malware as well as three major buffer overflow vulnerabilities in Hikvision DVRs, both of which were addressed by the company.  

With the opening of the SCTC, Davis says the company hopes to “raise the bar” when it comes to physical security industry standards for cybersecurity and transparency. “As the largest video surveillance manufacturer in the world, we feel it is our responsibility to be a leader in cybersecurity defense, and we are fully committed to this effort,” Davis says. “This program is another step in our continued commitment to security and transparency. We're excited about the establishment of the SCTC and believe it's a positive milestone for our company, our customers and the security industry.”

Government officials interested in taking a look at the company’s product source code can simply reach out to a Hikvision sales rep, who will work to schedule an appointment to visit the SCTC. Anyone visiting the center will also be required to sign a non-disclosure agreement.

When asked if the center would eventually be opened to security researchers and/or end-users interested in deploying the company’s products, Davis said they may decide to open up code review to additional applicants as their processes mature. Hikvision will not disclose any details on the program’s participants, government or otherwise. 

About the Author:

Joel Griffin is the Editor-in-Chief of SecurityInfoWatch.com and a veteran security journalist. You can reach him at [email protected].